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This hotfix contains updates to the NICI and OpenSSL components. 


What’s New? 


This release includes updates to the following components: 


Support for NICI 3.2.0 

This hotfix contains an updated version of NICI (3.2.0) which has a different FIPS 140-2 validated cryptography 
library with an active certificate. 

Updates for Third-party Components 


This hotfix includes an updated version of OpenSSL (1.0.2y). 


System Requirements 
You must have the following versions at a minimum to apply this hotfix: 


+ eDirectory 9.2.4 
+ ¡Manager 3.2.4 
+ Identity Manager 4.8.3 


Updating This Hotfix on Linux 


When two or more Identity Manager components are installed on the same server, you must stop the 
corresponding services before updating to this hotfix. For example, if Identity Vault and iManager are installed 
on the same server, you must stop the Identity Vault and the iManager Tomcat services before performing an 
update. 


This hotfix requires you to update the following components based on your requirement. 


+ “Updating Identity Vault” on page 2 

+ “Updating Remote Loader” on page 3 

+ “Updating Fanout Agent” on page 3 

+ “Updating iManager” on page 3 

+ “Updating Identity Applications” on page 4 
+ “Updating Identity Reporting” on page 4 


Updating Identity Vault 


You can update the Identity Vault as a root or non-root user. 


Updating Identity Vault as a Root User 


1 Run the following command to stop the Identity Vault instance: 
ndsmanage stopall 

2 Download and extractthe eDirectory-9.2.4-HF1.zip file. 

3 Navigate tothe <HF extracted location>/Linux directory. 

4 Run the following command: 


rpm -Uvh patterns-edirectory-9.2.4-1.x86_64.rpm nici64-3.2.0-0.x86_64.rpm 
netiq-openssl-1.0.2y-0.x86_64.rpm 


5 Run the following command to start the Identity Vault instance: 


ndsmanage startall 


Updating Identity Vault as a Non-root User 


1 Log in as a non-root user on the server where Identity Vault is installed. 
2 Run the following command to stop the Identity Vault instance: 
ndsmanage stopall 
3 Login asa root user and perform the following steps: 
3a Download and extract the eDirectory-9.2.4-HF1. zip file. 
3b Navigate to the <HF extracted location>/Linux directory. 
3c Run the following command: 
rpm -Uvh nici64-3.2.0-0.x86_64.rpm 


3d Copy the nonroot. tar.gz file to the location where Identity Vault is installed. For example, / 
home/ediruser. 
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4 Log in as a non-root user. 
5 Navigate to the location where Identity Vault is installed. For example, /home/ediruser. 
6 Extract the nonroot.tar.gz file 
tar -xvf nonroot.tar.gz 
7 Run the following command to start the Identity Vault instance. 


ndsmanage startall 


Updating Remote Loader 


NOTE: Before updating the Remote Loader, ensure that the following components are stopped: 


+ Remote Loader instance 


+ Driver instance running with the Remote Loader 


1 Download and extract the Identity_Manager_4.8.3_HF1_Common_deps. zip file. 
2 Navigate to the <HF extracted location>/common/Linux directory. 


3 (Conditional) If you are running a 64-bit Remote Loader, navigate to the x86_64 directory and run the 
following commands: 


rpm -Uvh nici64-3.2.0-0.00.x86_64.rpm 
rpm -Uvh netiq-openssl-1.0.2y.x86_64.rpm 


4 (Conditional) If you are running a 32-bit Remote Loader, navigate to the 1586 directory and run the 
following command: 


rpm -Uvh netig-openssl-32bit-1.0.2y.x86_64.rpm 


5 Start the Remote Loader instance and the driver instance. 
Updating Fanout Agent 


NOTE: Before updating the Fanout Agent, ensure that the following components are stopped: 


+ Fanout Agent instance 


+ Driver instance 


1 Download and extract the Identity_Manager_4.8.3_HF1_Common_deps. zip file. 
2 Navigate to the <HF extracted location>/common/Linux/x86_64 directory. 
3 Run the following command to update NICI: 

rpm -Uvh nici64-3.2.0-0.00.x86_64.rpm 


4 Start the Fanout Agent instance and the driver instance. 


Updating ¡Manager 


1 Stop the ¡Manager Tomcat instance: 
rcnovell-tomcat9 stop 
2 Download and extract the iManager -3.2.4-HF1. zip file. 
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3 Navigate tothe <HF extracted location>/Linux/ directory. 
4 Run the following commands: 

rpm -Uvh netiq-openssl-1.0.2y-0.x86_64.rpm 

rpm -Uvh nici64-3.2.0-0.x86_64.rpm 
5 Start the iManager Tomcat instance. 


rcnovell-tomcat9 start 


Updating Identity Applications 


1 Stop the Tomcat service. 
systemctl stop netiq-tomcat.service 
2 Download and extract the Identity_Manager_4.8.3_HF1_Common_deps. zip file. 
3 Navigate tothe <HF extracted location>/common/Linux/x86_64 directory. 
4 Run the following command to update OpenSSL: 
rpm -Uvh netiq-openssl-1.0.2y.x86_64.rpm 
5 Restart the NGINX service: 
systemctl restart netiq-nginx.service 


6 (Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following 
command to restart PostgreSQL. 


systemctl restart netiq-postgresql.service 
7 Start the Tomcat service: 


systemctl start netiq-tomcat.service 


Updating Identity Reporting 


This hotfix does not contain any updates for Identity Reporting. 


Updating This Hotfix on Windows 


When two or more Identity Manager components are installed on the same server, you must stop the 
corresponding services before updating to this hotfix. For example, if Identity Vault and iManager are installed 
on the same server, you must stop the Identity Vault and the iManager Tomcat services before performing an 
update. 


This hotfix requires you to update the following components based on your requirement. 


+ “Updating Identity Vault” on page 5 

+ “Updating Remote Loader” on page 5 

+ “Updating Fanout Agent” on page 5 

+ “Updating iManager” on page 6 

+ “Updating PostgreSQL” on page 6 

+ “Updating Identity Applications” on page 7 
+ “Updating Identity Reporting” on page 7 
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Updating Identity Vault 
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Stop the Identity Vault service. 


Download and extract the eDirectory-9.2.4-HF1.zip file. 


Navigate to the <HF extracted location>\Windows directory. 


Copy all the files to the location where Identity Vault is installed. For example, C: \NetIQ\eDirectory. 


Run the NICI_wx64.msi to upgrade NICI. 


Start the Identity Vault service. 


Updating Remote Loader 


NOTE: Before updating the Remote Loader, ensure that you perform the following steps: 


+ Stop the Remote Loader instance 


+ 


+ 


Stop the Driver instances running with the Remote Loader 


Close the Remote Loader Console 


Download and extract the Identity_Manager_4.8.3_HF1_Common_deps . zip file. 


(Conditional) If you are running a 64-bit Remote Loader, perform the following steps: 


2a 
2b 
2c 


2d 


2e 


Navigate to the <Identity Manager installed location>\Common\OpenSSL folder. 
Back up the libeay32.d11 and ssleay32.d11 files. 


Open command prompt and navigate to the <HF extracted 
location>\common\Windows\x86_64 folder. 


Run the NetIQ-OPENSSL. exe: 


NetIQ-OPENSSL.exe -i PRODUCT_NAME=IDM PRODUCT_VERSION=4.8.3.0 
STAND_ALONE_UPGRADE=true 


(Conditional) If Remote Loader is running on a standalone server, perform the following steps: 
2e1 Navigate to the <HF extracted location\common\Windows\x86_64 folder. 
2e2 Run the NICI_wx64.msi to upgrade NICI. 


3 (Conditional) If you are running a 32-bit Remote Loader, perform the following steps: 


3a 
3b 
3c 
3d 


3e 


Navigate to the <Identity Manager installed location>\RemoteLoader\32bit folder. 
Back up the libeay32.d11 and ssleay32.d11 files. 
Navigate to the <HF extracted location>\common\Windows\i586 folder. 


Copy the Libeay32.d11 and ssleay32.d11 files to the <Identity Manager installed 
location>\RemoteLoader\32bit folder. 


Run the NICI_w32.msi to upgrade NICI. 


4 Start the Remote Loader instance and the driver instance. 


Updating Fanout Agent 


This procedure applies only if Fanout Agent is installed on a standalone server. 
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NOTE: Before updating the Fanout Agent, ensure that the following components are stopped: 


+ Fanout Agent instance 


+ Driver instance 


Download and extract the Identity_Manager_4.8.3_HF1_Common_deps. zip file. 
Navigate to the <HF extracted location>\common\Windows\x86_64 directory. 
Run the NICI_wx64.msi to upgrade NICI. 
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Start the Fanout Agent instance and the driver instance. 


Updating iManager 


1 Log in to the server where iManager is installed. 
2 Stop the Tomcat service. 


3 Navigate to the location where iManager is installed. For example, <Identity Manager installed 
location>\IDM\iManager\Tomcat\webapps\nps\WEB-INF\bin\windows. 


4 Back up the libeay32.d11, ssleay32.d11, openssl_checksum.txt and 
openssl_checksum.txt.asc files. 


5 Download and extract the iManager -3.2.4-HF1.zip file. 
6 Navigate to the <HF extracted location>\Windows folder. 


7 Copy the libeay32.d11, ssleay32.d11, openssl_checksum. txt and 
openssl_checksum.txt.asc files to the path where ¡Manager is installed. 


For example, <Identity Manager install 
location>\IDM\iManager \Tomcat \webapps \nps \WEB- INF\bin\windows. 


8 Navigate to the <HF extracted location>\Windows folder. 
9 Run the NICI_wx64.msi file. 


10 Start the Tomcat service. 


Updating PostgreSQL 


NOTE: This procedure applies only if you are using the PostgreSQL shipped with Identity Manager and you are 
running PostgreSQL 12.2 or later versions. 


Log in to the server where PostgreSQL is installed. 

Navigate to the location where PostgreSQL is installed. For example, C: \NetIQ\IDM\postgres. 
Navigate to the bin folder and back up the libeay32.d11 and ssleay32.d11 files. 

Stop the NetIQ PostgreSQL service. 

Download and extract the Identity_Manager_4.8.3 HF1_Common_deps. zip file. 

Navigate to the <HF extracted location>\common\Windows\x86_64 folder. 


Copy the libeay32.d11 and ssleay32.d11 files to the path where PostgreSQL is installed. For 
example, C: \NetIQ\IDM\postgres\bin. 


8 Start the NetIQ PostgreSQL service. 
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Updating Identity Applications 


This hotfix does not contain any updates for Identity Applications. 


Updating Identity Reporting 


This hotfix does not contain any updates for Identity Reporting. 


Known Issues 


NetlQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. 
There are no new issues other than the issues mentioned in NetIQ Identity Manager 4.8 Release Notes. If you 
need further assistance with any issue, contact Technical Support. 


Contact Information 


Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please 
email Documentation-Feedback@netig.com. We value your input and look forward to hearing from you. 


For detailed contact information, see the Support Contact Information website. 
For general corporate and product information, see the NetlQ Corporate website. 


For interactive conversations with your peers and NetIQ experts, become an active member of our community. 
The NetIQ online community provides product information, useful links to helpful resources, blogs, and social 
media channels. 


Legal Notice 


For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, 
U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/. 


© 2021 NetIQ Corporation. All Rights Reserved. 
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